It is not clear when TCS launched its investigation.

Customers have not been able to buy items on the M&S website since the end of April.

It said earlier this week that online services should see a gradual return to normal over the coming weeks, but some level of disruption would continue until July.

M&S estimates that the cyber-attack will hit this year's profits by around £300m.

Police are focusing on a notorious group of English-speaking hackers, known as Scattered Spider, the BBC has learned.

The same group is believed to have been behind attacks on the Co-op and Harrods, but it was M&S that suffered the biggest impact.

TCS says it has over 607,000 employees across the world and is the lead sponsor of three prestigious marathons - New York, London and Sydney.

On its website, TCS said it worked with M&S on Sparks, its customer reward scheme.

In 2023, TCS and M&S won the Retail Partnership of the Year award at the Retail Systems Awards.

TCS has a portfolio of well-known clients including the Co-op, according to its website.

There is no indication if the internal probe is also looking at the hack on the Co-Op.

TCS also counts easyjet, Nationwide and Jaguar Land Rover among its many clients.

Earlier this week, M&S chief executive Stuart Machin said: "Over the last few weeks, we have been managing a highly sophisticated and targeted cyber-attack, which has led to a limited period of disruption."

In a media call on Wednesday, he did not respond to a question about whether the company had paid a ransom as part of the process.